The abuse of access to the Internet and e-mail systems in the work place present employers with new disciplinary issues and other difficulties. Legal disputes arising from the misuse of e-mail and the Internet are becoming more frequent. The purpose of this brief is to provide a short analysis of the prevailing legal position regarding e-mail and internet use, to highlight some of the potential pitfalls facing employers and to present suggestions regarding strategies for dealing with problem areas.
The Nature Of The Problem
Due to the rapid introduction of Internet access and e-mail systems in the work- place few employers have developed comprehensive policy and practices to guide employees in the proper use of these business tools. The inherent difficulty with e-mail is that it tends to be seen as an informal system. There are often no set rules as to how or when e-mail may be used and the tone of e-mails are generally more informal and discursive than printed correspondence.
As a business tool e-mail has become indispensable as it allows massive amounts of information to be exchanged speedily and easily. E-mail has however also developed a social function as an easy and efficient way to catch up on news, stay in touch with friends and loved ones or as an outlet for office gossip. Many employees engage in what is loosely termed "cyberloafing" which refers to either the endless surfing of web-sites or spending excessive time writing non-work related e-mails. The obvious disadvantage to employers is that working time is wasted and productivity is negatively affected. The problem is exacerbated by the development of various on-line services such as electronic banking and shopping, as well as the growth in Internet pornography.
E-mail also represents an immediate form of communication and is seldom edited before being sent to the same extent as other correspondence. This characteristic of e-mail communication also increases the risk that messages may be sent in anger or jest without consideration of the consequence of releasing the message into an uncontrolled external environment. The fact that e-mails can be passed onto third parties at the click of a button compounds the risks. For example, e-mail defamation is increasing.
The following three examples from foreign case law illustrate what may go wrong if e-mail is used irresponsibly:
1. Provident Society v Norwich Union
The English Court found that Norwich Union had defamed a competitor by sending an e-mail message wrongly suggesting that its competitor was close to insolvency. The message was initially only sent on Norwich Union’s own internal e-mail system but was inadvertently transmitted to third parties and found its way back to Provident which sued for damages. The High Court held that Norwich was responsible for what had been written on the system by its employees and ordered payment of £450 000 as compensation to Provident.
2. US Auto Workers
In this American case a group of Black employees successfully sued their employer for racial harassment. The employees alleged that a hostile working environment had been created by e-mail parodies of African American speech patterns circulated on the internal e-mail system.
3. 1267623 Ontario v Nexx Online
In this Canadian case the service provider Nexx sued 1267623 Ontario, an Internet advertiser for breach of contract. Nexx as service provider had a clause in its standard contract insisting that its users had to follow the generally accepted rules of "Netiquette" for sending e-mail messages. The sending of large numbers of unsolicited e-mail advertisements by 1267623 Ontario was found to be a breach of this contractual provision.
Any of these scenarios could conceivably occur in South Africa.
JM Burchell The Law of Defamation in South Africa (1985) at 35 provides the following definition of defamation:
"the unlawful, intentional, publication of defamatory matter (by words or conduct) referring to the plaintiff, which causes his reputation to be impaired."
It is clear that in terms of the above definition an e-mail could easily contain defamatory statements and give rise to claims for damages. Vicarious liability for defamation could under certain circumstances attach to the employer.
Intellectual property rights could also be violated by employees making use of their employer’s Internet access or e-mail facilities. The intellectual property rights website "owners" present a specific risk in this regard. Employers could attract vicarious liability for such violations.
There are also Company law issues that relate to the distribution of e-mail. In terms of the Companies Act 61 of 1973 it is a requirement that all official company communications reflect the full name of the company and its registration number. In certain instances this may extend to having the details of the company secretary and other information about the directors on the letterhead. To the extent that an e-mail is used to communicate official company information and does not contain the above information the directors commit a criminal offence.
An employer could also be held liable in delict if an employee inadvertently, negligently or intentionally sends a virus by e-mail to another company. Liability may arise against the company should the recipient be able to show that the sender caused damage and that such damage arose negligently. Certain companies offer disclaimers as an insurance against this sort of eventuality but they have yet to be tested in the South African Courts.
Formulating A Policy Response To E-Mail Abuse
In order to formulate a proper Internet and e-mail use policy it is necessary first to evaluate the scale and nature of e-mail and Internet use in the workplace. Different levels of use may require different technical and human resources approaches.
A popular control measure with large scale users is the use of increasingly sophisticated software that monitors both the content of e-mail as well the type of web sites employees are surfing. If someone is sending abusive e-mail certain software packages are able to pick this up. This provides a powerful tool for the employer. However, there may be legal implications with this type of monitoring which we discuss below. A further problem is that this type of software can be expensive and requires sophisticated in-house IT support.
The use of software to monitor the situation is only part of the solution. It is fundamental to the process that employers design and formulate a policy that sets out acceptable use guidelines in the workplace. The policy should set out the standards for acceptable e-mails content and should lay down guidelines for when and for how long people may use the Internet or send personal e-mails. A policy should also set out the requisite penalties for failure to adhere to the prescribed policy.
An important consideration is that computer resources in the workplace are provided and paid for by the employer and are used for the specific purpose of the employee’s work. Accordingly all e-mail generated should theoretically be done in the course of work related activities. An employer is equally entitled to regulate e-mail, Internet and telephone use in the office. Given the relatively negligible additional cost of reasonable private e-mail and internet use and the difficulty of totally excluding private use of such facilities it may be advisable to allow acceptable private of use of the system for personal activities. The reasonable standard to be applied in this regard should be determined by the employer.
It is very important that the employees be made aware that they should have no expectation of privacy in relation to information stored on computers provided by the employer. Here the employer should make it clear that it may monitor or read messages if it believes the situation warrants it.
The Interception and Monitoring Prohibition Act 127 of 1992, governs the monitoring of transmissions including e-mail. Section 2(1) states :
"no person shall-
(a) intentionally and without the knowledge or permission of the dispatcher intercept a communication which has been or is being or is intended to be transmitted by telephone or in any other manner over a telecommunications line; or
(b) Intentionally monitor any conversations or communications by means of a monitoring device so as to gather confidential information concerning any person, body or organisation."
To satisfy these provisions the employer must inform employees that it may read the employee’s messages and it should describe under what circumstances it will do so. For example, a policy could stipulate that in the event of a suspected misconduct involving abuse of the internet or e-mail facilities of the employer, the employer reserves the right to monitor suspected employee’s e-mail and web.
There have also been some interesting developments in South African case law. In Protea Technology v Wainer 1997 (9) BCLR 1225 (W), the applicant sought an interdict restraining the respondents from competing unlawfully with the applicant. The applicant had annexed to the founding affidavit the transcripts of tape recordings of telephone calls made and received by the respondent whilst in the applicant’s employ. Recordings had been made clandestinely by means of a "bugging" device. The court held that the respondent had been employed in a position of trust. The telephone conversations were conducted from the applicant’s premises during business hours. The court held that where the parties have an employer/employee relationship telephone conversations of the employee relating to the employer’s affairs were not private and were not protected by the Constitution.
The courts in Tap Wine Trading cc v Cape Classic Wines 1999(4) SA 194 ruled that the Interception and Monitoring Prohibition Act did not expressly or by necessary implication render the production of recordings made in contravention of its terms inadmissible in evidence before a court trying a civil dispute. It was also held that in the conduct of civil litigation only, i.e. the use of a ‘trap’ in regard to electronic surveillance did not infringe any constitutional right. The courts therefore have discretion to admit recordings made in contravention of the Interception and Monitoring Prohibition Act as evidence in civil proceedings.
The Court also held that the employer had a contractual right to know this information and had an added interest if the employee was engaged in a delict against the employer. The employer cannot listen to private conversations although the employee could be expected to account for his activities during this time. The court held further that as soon as the employee abandoned his private sphere for the affairs of his employer, he lost the benefit of privacy.
The same principles in regard to telephone conversations will probably apply to monitoring of employee’s Internet surfing and e-mail activities.
Other areas that should be covered in the policy document relate to confidential information, and that employees must take care not to release any confidential information on to the internet or via e-mail relating to business plans, marketing strategies, etc. Depending on the work environment it may be necessary to list specific types of behaviour as unacceptable. For example, the sending of racist, sexist or abusive jokes, the sending of commercial advertising for another business, or a prohibition on joining Usenet newsgroups from the workplace.
In order to decide what disciplinary action arises in the context of e-mail abuse the employer will have to evaluate what type of response is required. Any response must comply with Schedule 8 of the Labour Relations Act 66 of 1995, in that it must be fair and consistent and any disciplinary rules must be communicated clearly to employees. In certain areas such as sexual harassment it would be sufficient to utilise existing disciplinary rules to deal with an offence. In other respects it may be necessary to create specific responses to certain problems.
A final issue that any policy on Internet use and e-mail use needs to address is who will manage the monitoring of e-mail and Internet use within the work place. This is a critical issue, as any policy that is created will fall short if it is not implemented correctly. Employers who have the resources to do so may prefer to create a multidisciplinary approach to monitoring and enforcing policies.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.